New York AG Settles With Companies Over App Security -- 2nd Update
December 14 2018 - 7:18PM
Dow Jones News
By Patrick Thomas
The New York attorney general's office said Friday it has
reached a settlement with five companies accused of failing to keep
sensitive information in their mobile apps secure.
The settlement with Western Union Co. (WU), Booking Holdings
Inc.'s (BKNG) Priceline.com, Equifax Inc. (EFX), Spark Networks
Inc. (LOV) and Credit Sesame Inc. requires each company to
implement comprehensive security programs to protect user
information.
The New York attorney general's office said the apps had a
well-known security vulnerability that could have allowed
information, such as passwords, social-security numbers,
credit-card numbers and bank-account numbers, to be hacked. The
companies also didn't test the apps for the flaw, according to the
New York attorney general's office.
The apps allegedly failed to establish a secure connection to
the internet and were susceptible to hackers using the same public
WiFi in a coffee shop or at an airport, the New York attorney
general's office said.
"Businesses that make security promises to their users,
especially as it relates to personal information, have a duty to
keep those promises," New York Attorney General Barbara Underwood
said in a statement.
"The vulnerability mentioned was immediately remediated, and we
have no evidence that consumer information was impacted as a
result," an Equifax spokeswoman said.
A Priceline spokesman said the company fixed the issue shortly
after it was identified and did not uncover evidence that any
customer data was affected.
The other companies involved in the settlement didn't respond
immediately to request for comment.
Write to Patrick Thomas at patrick.thomas@wsj.com
(END) Dow Jones Newswires
December 14, 2018 19:03 ET (00:03 GMT)
Copyright (c) 2018 Dow Jones & Company, Inc.
Equifax (NYSE:EFX)
Historical Stock Chart
From Mar 2024 to Apr 2024
Equifax (NYSE:EFX)
Historical Stock Chart
From Apr 2023 to Apr 2024